In a recent statement, Australian Prime Minister Anthony Albanese has advised that citizens in Australia turn off their mobile phones for a specific period of five minutes each day as a precautionary cybersecurity measure.
The suggestion, which has gained attention and sparked discussions, aims to address potential spyware threats that may be running in the background of mobile devices.
Although the precise reasons behind the choice of five minutes and the daily frequency remain unclear, experts suggest that rebooting can help eliminate non-persistent threats in the device, according to security firm Sophos.
However, the same does not apply for persistent threats - a category of malware that can survive beyond the app that initiated them, existing even after a device is rebooted or shut down.
Meanwhile, non-persistent threats are transient and do not persist across sessions or reboots. Therefore, shutting down a device, all active apps and the operating system are closed, effectively stopping any malware or spyware processes running in the background.
Not sufficient to counter sophisticated malware
While rebooting a phone on a regular basis is generally harmless, it may not be sufficient to counter sophisticated malware, particularly persistent threats developed with significant resources.
Recent security updates from Apple (NASDAQ:AAPL), for instance, targeted zero-day code execution vulnerabilities in WebKit, the low-level browser software, and the operating system's kernel.
If attackers exploit a vulnerability in the browser and subsequently trigger a vulnerability in the kernel, they can gain control over the entire device.
In such cases, rebooting the phone daily may create a false sense of security, as the malware could reinstall itself automatically upon startup.
What does everyone think of this story? Have a good read and leave your comments here, I'd love to hear your thoughts ???? https://t.co/PxEDmqx01E— Troy Hunt (@troyhunt) June 26, 2023
How to enhance mobile security?
Considering the complexities of modern mobile cybersecurity, it is crucial to adopt additional measures beyond regular reboots.
Here are some other tips that the team at Sophos has to enhance mobile device security:
- Uninstall unnecessary apps: Remove apps that are not needed and delete associated data to minimise the risk of data exposure. Preinstalled software that cannot be uninstalled, known as bloatware, can often be disabled to prevent automatic background processes.
- Log out from unused apps: While it may be inconvenient, explicitly logging out from apps when not in use reduces the likelihood of unintentional data exposure. Rebooting a device does not log out of active apps, so manual logout procedures should be followed.
- Manage privacy settings: Familiarise yourself with the privacy settings of the apps and services you use. Configure settings within the operating system's settings app, the app itself, or online portals provided by service providers.
- Clear browser history: Regularly clear your browser history to remove tracking cookies and personal history items. The procedure for clearing history varies depending on the browser used.
- Optimise lock screen settings: Minimise the amount of information displayed on the lock screen to reduce potential vulnerabilities. Restrict access to emergency calls and device unlocking only.
- Set strong lock codes and short lock times: Use longer and more complex lock codes and set the shortest lock time you find manageable. Manually lock your device when not in use for added security.
- Be cautious about sharing personal data: Disable unnecessary features like Location Services, Wi-Fi, Bluetooth, or mobile connections when they are not required. Powering down the phone when not in use can also enhance security.
- Secure your SIM card: If applicable, set a PIN code for your SIM card to prevent unauthorized access and potential misuse of your phone's communication capabilities.
In addition to following these mobile security practices, applying similar precautions to laptops are also recommended.
While sleep mode may offer convenience, regularly rebooting laptops can provide a fresh start and eliminate any potential non-persistent threats.
It is also advised to clear browser history on laptops to prevent extensive tracking.
As cyber threats continue to evolve, it is crucial for individuals to stay vigilant and implement comprehensive security measures to safeguard their mobile devices and personal information.